Wednesday, January 31, 2018

Using iotop to monitor and minimize reads/writes

You can use your Linux distro’s package manager to install iotop, which is a
top-like utility for disk I/O. It monitors disk I/O usage information
output by the Linux kernel (2.6.20+) and displays a table of current
usage by processes on the system. Use iotop with the following options:

iotop -oPa

Then let iotop monitor things for a few minutes or hours depending on
how intense disk I/O is. This will result in a top-like screen
which makes it easy to identify processes that are hogging your disk
I/O. Have a look at the screenshot below as an example. I used the
iotop -oPa command and let it sit for a few minutes in the background:

Friday, January 26, 2018

To combat user access abuse with the NFS protocol, there is a method called "squash" which makes sure that accesses can be mapped properly to the correct ownership on the server end.

The NFS protocol embeds the path in the protocol in such a way that there can be mismatches from client to server. Unix user ID and group ID numbers are used, and unless they are coordinated from end to end, a user on the client accesses files as whatever user on the server has the same user number.

The special user root, ID zero, is especially dangerous, since access to root-owned files on the server might allow the client to modify privileged files.

The squash allows the server to do one of two actions. To prevent write access to files on the server, the root_squash option means that any files written by root will be 'squashed' to the ownership and group of the configured 'nobody' user on the server. One can have a root user on a client, create a file in a directory on the server, and that file will end up owned by the 'nobody' user, preventing access to root privilege via that means.

"all_squash" allows all IDs accessing the server for write to be forced to the guest nobody user.

The no_root_squash option disables the squash, and gives access in any way the client requests without any squashing.

The excerpt below has other options, but is clipped from the reference above.

root_squash

Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive, such as user bin or group staff.

no_root_squash

Turn off root squashing. This option is mainly useful for diskless clients.

all_squash

Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting.

anonuid and anongid

These options explicitly set the uid and gid of the anonymous account. This option is primarily useful for PC/NFS clients, where you might want all requests appear to be from one user. As an example, consider the export entry for /home/joe in the example section below, which maps all requests to uid 150 (which is supposedly that of user joe).
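
To see how the squash options above change the identity the server acts as, here is an added example (not part of the original post or the man page) that parses exports-style lines and flags exports where client root stays root. The sample hosts and paths are constructed, the /home/joe line is modelled on the uid 150 entry mentioned above with an assumed anongid, 65534 is assumed as the default anonymous id, and line continuations and "-" default option blocks are not handled.

```python
import re

ANON_DEFAULT = 65534  # assumed default anonymous uid/gid when anonuid/anongid are unset

# Constructed sample /etc/exports content (hosts, paths and anongid are made up).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/build    10.0.0.0/24(rw,sync,no_root_squash)
/srv/pub      *(ro,all_squash)
/home/joe     pc001(rw,all_squash,anonuid=150,anongid=100)
/srv/data     nfsclient(rw,sync)
"""

def parse_exports(text):
    """Yield (path, client, options-dict) for every client of every export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec)
            if not m:  # malformed client spec, skip it
                continue
            opts = {}
            for item in filter(None, (m.group(2) or "").split(",")):
                key, _, val = item.partition("=")
                opts[key] = val
            yield path, m.group(1) or "*", opts

def mapped_ids(opts, uid, gid):
    """Return the (uid, gid) the server uses for a request carrying uid/gid."""
    anon = (int(opts.get("anonuid", ANON_DEFAULT)), int(opts.get("anongid", ANON_DEFAULT)))
    if "all_squash" in opts:  # every id is mapped, root included
        return anon
    if "no_root_squash" in opts:  # squashing disabled: ids pass through as sent
        return uid, gid
    # Default behaviour (root_squash): only id 0 is mapped, other ids pass through.
    return (anon[0] if uid == 0 else uid, anon[1] if gid == 0 else gid)

def audit(text):
    """Return the (path, client) pairs where client root stays root on the server."""
    return [(p, c) for p, c, o in parse_exports(text) if mapped_ids(o, 0, 0) == (0, 0)]

if __name__ == "__main__":
    for path, client, opts in parse_exports(SAMPLE_EXPORTS):
        print(path, client, "root ->", mapped_ids(opts, 0, 0), "uid 1000 ->", mapped_ids(opts, 1000, 1000))
    print("root not squashed:", audit(SAMPLE_EXPORTS))
```

Running audit() against a copy of a server's real /etc/exports lists the exports to review for no_root_squash.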

Next, you will need to modify the .bashrc file. There are a few text editors that work under WSL. I suggest using vim or nano, e.g.:

cd ~
nano .bashrc

The second command from above will open .bashrc in nano and you can scroll to the end of the file and write:

export DISPLAY=:0.0

Save the modified file by pressing CTRL+X and answering Y when asked if you want to save the file. Close and restart the console window.
Next, you will need to install an X server for Windows. I suggest VcXsrv, which works well with WSL. Download and start the installer; you can safely accept the default settings.